oss.v1alpha1.ssoSettings

"SsoSettings is the Schema for the SsoSettingss API. Manages Grafana SSO Settings for OAuth2 and SAML. Official documentation https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/HTTP API https://grafana.com/docs/grafana/latest/developers/http_api/sso-settings/"

Fields

fn new

new(name)

new returns an instance of SsoSettings

obj metadata

"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."

fn metadata.withAnnotations

withAnnotations(annotations)

"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"

fn metadata.withAnnotationsMixin

withAnnotationsMixin(annotations)

"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"

Note: This function appends passed data to existing values

fn metadata.withClusterName

withClusterName(clusterName)

"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."

fn metadata.withCreationTimestamp

withCreationTimestamp(creationTimestamp)

"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."

fn metadata.withDeletionGracePeriodSeconds

withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)

"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."

fn metadata.withDeletionTimestamp

withDeletionTimestamp(deletionTimestamp)

"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."

fn metadata.withFinalizers

withFinalizers(finalizers)

"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."

fn metadata.withFinalizersMixin

withFinalizersMixin(finalizers)

"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."

Note: This function appends passed data to existing values

fn metadata.withGenerateName

withGenerateName(generateName)

"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"

fn metadata.withGeneration

withGeneration(generation)

"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."

fn metadata.withLabels

withLabels(labels)

"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"

fn metadata.withLabelsMixin

withLabelsMixin(labels)

"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"

Note: This function appends passed data to existing values

fn metadata.withName

withName(name)

"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"

fn metadata.withNamespace

withNamespace(namespace)

"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"

fn metadata.withOwnerReferences

withOwnerReferences(ownerReferences)

"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."

fn metadata.withOwnerReferencesMixin

withOwnerReferencesMixin(ownerReferences)

"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."

Note: This function appends passed data to existing values

fn metadata.withResourceVersion

withResourceVersion(resourceVersion)

"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"

fn metadata.withSelfLink

withSelfLink(selfLink)

"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."

fn metadata.withUid

withUid(uid)

"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"

obj spec

"SsoSettingsSpec defines the desired state of SsoSettings"

fn spec.withDeletionPolicy

withDeletionPolicy(deletionPolicy)

"DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either \"Delete\" or \"Orphan\" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223"

fn spec.withManagementPolicies

withManagementPolicies(managementPolicies)

"THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"

fn spec.withManagementPoliciesMixin

withManagementPoliciesMixin(managementPolicies)

"THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"

Note: This function appends passed data to existing values

obj spec.forProvider

fn spec.forProvider.withOauth2Settings

withOauth2Settings(oauth2Settings)

"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."

fn spec.forProvider.withOauth2SettingsMixin

withOauth2SettingsMixin(oauth2Settings)

"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."

Note: This function appends passed data to existing values

fn spec.forProvider.withProviderName

withProviderName(providerName)

"(String) The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth, saml.\nThe name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth, saml."

fn spec.forProvider.withSamlSettings

withSamlSettings(samlSettings)

"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."

fn spec.forProvider.withSamlSettingsMixin

withSamlSettingsMixin(samlSettings)

"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."

Note: This function appends passed data to existing values

obj spec.forProvider.oauth2Settings

"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."

fn spec.forProvider.oauth2Settings.withAllowAssignGrafanaAdmin

withAllowAssignGrafanaAdmin(allowAssignGrafanaAdmin)

"(Boolean) If enabled, it will automatically sync the Grafana server administrator role.\nIf enabled, it will automatically sync the Grafana server administrator role."

fn spec.forProvider.oauth2Settings.withAllowSignUp

withAllowSignUp(allowSignUp)

"(Boolean) If not enabled, only existing Grafana users can log in using OAuth.\nIf not enabled, only existing Grafana users can log in using OAuth."

fn spec.forProvider.oauth2Settings.withAllowedDomains

withAllowedDomains(allowedDomains)

"or space-separated domains. The user should belong to at least one domain to log in.\nList of comma- or space-separated domains. The user should belong to at least one domain to log in."

fn spec.forProvider.oauth2Settings.withAllowedGroups

withAllowedGroups(allowedGroups)

"or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.\nList of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path."

fn spec.forProvider.oauth2Settings.withAllowedOrganizations

withAllowedOrganizations(allowedOrganizations)

"or space-separated organizations. The user should be a member of at least one organization to log in.\nList of comma- or space-separated organizations. The user should be a member of at least one organization to log in."

fn spec.forProvider.oauth2Settings.withApiUrl

withApiUrl(apiUrl)

"(String) The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."

fn spec.forProvider.oauth2Settings.withAuthStyle

withAuthStyle(authStyle)

"(String) It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.\nIt determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect."

fn spec.forProvider.oauth2Settings.withAuthUrl

withAuthUrl(authUrl)

"(String) The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."

fn spec.forProvider.oauth2Settings.withAutoLogin

withAutoLogin(autoLogin)

"(Boolean) Log in automatically, skipping the login screen.\nLog in automatically, skipping the login screen."

fn spec.forProvider.oauth2Settings.withClientId

withClientId(clientId)

"(String) The client Id of your OAuth2 app.\nThe client Id of your OAuth2 app."

fn spec.forProvider.oauth2Settings.withCustom

withCustom(custom)

"(Map of String) Custom fields to configure for OAuth2 such as the force_use_graph_api field.\nCustom fields to configure for OAuth2 such as the force_use_graph_api field."

fn spec.forProvider.oauth2Settings.withCustomMixin

withCustomMixin(custom)

"(Map of String) Custom fields to configure for OAuth2 such as the force_use_graph_api field.\nCustom fields to configure for OAuth2 such as the force_use_graph_api field."

Note: This function appends passed data to existing values

fn spec.forProvider.oauth2Settings.withDefineAllowedGroups

withDefineAllowedGroups(defineAllowedGroups)

"(Boolean) Define allowed groups.\nDefine allowed groups."

fn spec.forProvider.oauth2Settings.withDefineAllowedTeamsIds

withDefineAllowedTeamsIds(defineAllowedTeamsIds)

"(Boolean) Define allowed teams ids.\nDefine allowed teams ids."

fn spec.forProvider.oauth2Settings.withEmailAttributeName

withEmailAttributeName(emailAttributeName)

"(String) Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.\nName of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth."

fn spec.forProvider.oauth2Settings.withEmailAttributePath

withEmailAttributePath(emailAttributePath)

"(String) JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.\nJMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth."

fn spec.forProvider.oauth2Settings.withEmptyScopes

withEmptyScopes(emptyScopes)

"(Boolean) If enabled, no scopes will be sent to the OAuth2 provider.\nIf enabled, no scopes will be sent to the OAuth2 provider."

fn spec.forProvider.oauth2Settings.withEnabled

withEnabled(enabled)

"(Boolean) Define whether this configuration is enabled for the specified provider. Defaults to true.\nDefine whether this configuration is enabled for the specified provider. Defaults to true."

fn spec.forProvider.oauth2Settings.withGroupsAttributePath

withGroupsAttributePath(groupsAttributePath)

"(String) JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.\nJMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path."

fn spec.forProvider.oauth2Settings.withIdTokenAttributeName

withIdTokenAttributeName(idTokenAttributeName)

"(String) The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.\nThe name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth."

fn spec.forProvider.oauth2Settings.withLoginAttributePath

withLoginAttributePath(loginAttributePath)

"(String) JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.\nJMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth."

fn spec.forProvider.oauth2Settings.withName

withName(name)

"(String) Helpful if you use more than one identity providers or SSO protocols.\nHelpful if you use more than one identity providers or SSO protocols."

fn spec.forProvider.oauth2Settings.withNameAttributePath

withNameAttributePath(nameAttributePath)

"(String) JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.\nJMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth."

fn spec.forProvider.oauth2Settings.withRoleAttributePath

withRoleAttributePath(roleAttributePath)

"(String) JMESPath expression to use for Grafana role lookup.\nJMESPath expression to use for Grafana role lookup."

fn spec.forProvider.oauth2Settings.withRoleAttributeStrict

withRoleAttributeStrict(roleAttributeStrict)

"(Boolean) If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.\nIf enabled, denies user login if the Grafana role cannot be extracted using Role attribute path."

fn spec.forProvider.oauth2Settings.withScopes

withScopes(scopes)

"or space-separated OAuth2 scopes.\nList of comma- or space-separated OAuth2 scopes."

fn spec.forProvider.oauth2Settings.withSignoutRedirectUrl

withSignoutRedirectUrl(signoutRedirectUrl)

"(String) The URL to redirect the user to after signing out from Grafana.\nThe URL to redirect the user to after signing out from Grafana."

fn spec.forProvider.oauth2Settings.withSkipOrgRoleSync

withSkipOrgRoleSync(skipOrgRoleSync)

"(Boolean) Prevent synchronizing users’ organization roles from your IdP.\nPrevent synchronizing users’ organization roles from your IdP."

fn spec.forProvider.oauth2Settings.withTeamIds

withTeamIds(teamIds)

"(String) String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.\nString list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path."

fn spec.forProvider.oauth2Settings.withTeamIdsAttributePath

withTeamIdsAttributePath(teamIdsAttributePath)

"(String) The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.\nThe JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth."

fn spec.forProvider.oauth2Settings.withTeamsUrl

withTeamsUrl(teamsUrl)

"(String) The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.\nThe URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth."

fn spec.forProvider.oauth2Settings.withTlsClientCa

withTlsClientCa(tlsClientCa)

"(String) The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.\nThe path to the trusted certificate authority list. Is not applicable on Grafana Cloud."

fn spec.forProvider.oauth2Settings.withTlsClientCert

withTlsClientCert(tlsClientCert)

"(String) The path to the certificate. Is not applicable on Grafana Cloud.\nThe path to the certificate. Is not applicable on Grafana Cloud."

fn spec.forProvider.oauth2Settings.withTlsClientKey

withTlsClientKey(tlsClientKey)

"(String) The path to the key. Is not applicable on Grafana Cloud.\nThe path to the key. Is not applicable on Grafana Cloud."

fn spec.forProvider.oauth2Settings.withTlsSkipVerifyInsecure

withTlsSkipVerifyInsecure(tlsSkipVerifyInsecure)

"in-the-middle attacks.\nIf enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks."

fn spec.forProvider.oauth2Settings.withTokenUrl

withTokenUrl(tokenUrl)

"(String) The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."

fn spec.forProvider.oauth2Settings.withUsePkce

withUsePkce(usePkce)

"(Boolean) If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.\nIf enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant."

fn spec.forProvider.oauth2Settings.withUseRefreshToken

withUseRefreshToken(useRefreshToken)

"(Boolean) If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.\nIf enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider."

obj spec.forProvider.oauth2Settings.clientSecretSecretRef

"(String, Sensitive) The client secret of your OAuth2 app.\nThe client secret of your OAuth2 app."

fn spec.forProvider.oauth2Settings.clientSecretSecretRef.withKey

withKey(key)

"The key to select."

fn spec.forProvider.oauth2Settings.clientSecretSecretRef.withName

withName(name)

"Name of the secret."

fn spec.forProvider.oauth2Settings.clientSecretSecretRef.withNamespace

withNamespace(namespace)

"Namespace of the secret."

obj spec.forProvider.samlSettings

"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."

fn spec.forProvider.samlSettings.withAllowIdpInitiated

withAllowIdpInitiated(allowIdpInitiated)

"initiated login is allowed.\nWhether SAML IdP-initiated login is allowed."

fn spec.forProvider.samlSettings.withAllowSignUp

withAllowSignUp(allowSignUp)

"(Boolean) If not enabled, only existing Grafana users can log in using OAuth.\nWhether to allow new Grafana user creation through SAML login. If set to false, then only existing Grafana users can log in with SAML."

fn spec.forProvider.samlSettings.withAllowedOrganizations

withAllowedOrganizations(allowedOrganizations)

"or space-separated organizations. The user should be a member of at least one organization to log in.\nList of comma- or space-separated organizations. User should be a member of at least one organization to log in."

fn spec.forProvider.samlSettings.withAssertionAttributeEmail

withAssertionAttributeEmail(assertionAttributeEmail)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user email.\nFriendly name or name of the attribute within the SAML assertion to use as the user email."

fn spec.forProvider.samlSettings.withAssertionAttributeGroups

withAssertionAttributeGroups(assertionAttributeGroups)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user groups.\nFriendly name or name of the attribute within the SAML assertion to use as the user groups."

fn spec.forProvider.samlSettings.withAssertionAttributeLogin

withAssertionAttributeLogin(assertionAttributeLogin)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user login handle.\nFriendly name or name of the attribute within the SAML assertion to use as the user login handle."

fn spec.forProvider.samlSettings.withAssertionAttributeName

withAssertionAttributeName(assertionAttributeName)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user name. Alternatively, this can be a template with variables that match the names of attributes within the SAML assertion.\nFriendly name or name of the attribute within the SAML assertion to use as the user name. Alternatively, this can be a template with variables that match the names of attributes within the SAML assertion."

fn spec.forProvider.samlSettings.withAssertionAttributeOrg

withAssertionAttributeOrg(assertionAttributeOrg)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user organization.\nFriendly name or name of the attribute within the SAML assertion to use as the user organization."

fn spec.forProvider.samlSettings.withAssertionAttributeRole

withAssertionAttributeRole(assertionAttributeRole)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user roles.\nFriendly name or name of the attribute within the SAML assertion to use as the user roles."

fn spec.forProvider.samlSettings.withAutoLogin

withAutoLogin(autoLogin)

"(Boolean) Log in automatically, skipping the login screen.\nWhether SAML auto login is enabled."

fn spec.forProvider.samlSettings.withCertificatePath

withCertificatePath(certificatePath)

"(String) Path for the SP X.509 certificate.\nPath for the SP X.509 certificate."

fn spec.forProvider.samlSettings.withEnabled

withEnabled(enabled)

"(Boolean) Define whether this configuration is enabled for the specified provider. Defaults to true.\nDefine whether this configuration is enabled for SAML. Defaults to true."

fn spec.forProvider.samlSettings.withIdpMetadata

withIdpMetadata(idpMetadata)

"encoded string for the IdP SAML metadata XML.\nBase64-encoded string for the IdP SAML metadata XML."

fn spec.forProvider.samlSettings.withIdpMetadataPath

withIdpMetadataPath(idpMetadataPath)

"(String) Path for the IdP SAML metadata XML.\nPath for the IdP SAML metadata XML."

fn spec.forProvider.samlSettings.withIdpMetadataUrl

withIdpMetadataUrl(idpMetadataUrl)

"(String) URL for the IdP SAML metadata XML.\nURL for the IdP SAML metadata XML."

fn spec.forProvider.samlSettings.withMaxIssueDelay

withMaxIssueDelay(maxIssueDelay)

"(String) Duration, since the IdP issued a response and the SP is allowed to process it. For example: 90s, 1h.\nDuration, since the IdP issued a response and the SP is allowed to process it. For example: 90s, 1h."

fn spec.forProvider.samlSettings.withMetadataValidDuration

withMetadataValidDuration(metadataValidDuration)

"(String) Duration, for how long the SP metadata is valid. For example: 48h, 5d.\nDuration, for how long the SP metadata is valid. For example: 48h, 5d."

fn spec.forProvider.samlSettings.withName

withName(name)

"(String) Helpful if you use more than one identity providers or SSO protocols.\nName used to refer to the SAML authentication."

fn spec.forProvider.samlSettings.withNameIdFormat

withNameIdFormat(nameIdFormat)

"format:transient\nThe Name ID Format to request within the SAML assertion. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

fn spec.forProvider.samlSettings.withOrgMapping

withOrgMapping(orgMapping)

"or space-separated Organization:OrgId:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: Viewer, Editor or Admin.\nList of comma- or space-separated Organization:OrgId:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: Viewer, Editor or Admin."

fn spec.forProvider.samlSettings.withPrivateKeyPath

withPrivateKeyPath(privateKeyPath)

"(String) Path for the SP private key.\nPath for the SP private key."

fn spec.forProvider.samlSettings.withRelayState

withRelayState(relayState)

"initiated login. Should match relay state configured in IdP.\nRelay state for IdP-initiated login. Should match relay state configured in IdP."

fn spec.forProvider.samlSettings.withRoleValuesAdmin

withRoleValuesAdmin(roleValuesAdmin)

"or space-separated roles which will be mapped into the Admin role.\nList of comma- or space-separated roles which will be mapped into the Admin role."

fn spec.forProvider.samlSettings.withRoleValuesEditor

withRoleValuesEditor(roleValuesEditor)

"or space-separated roles which will be mapped into the Editor role.\nList of comma- or space-separated roles which will be mapped into the Editor role."

fn spec.forProvider.samlSettings.withRoleValuesGrafanaAdmin

withRoleValuesGrafanaAdmin(roleValuesGrafanaAdmin)

"or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role.\nList of comma- or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role."

fn spec.forProvider.samlSettings.withRoleValuesNone

withRoleValuesNone(roleValuesNone)

"or space-separated roles which will be mapped into the None role.\nList of comma- or space-separated roles which will be mapped into the None role."

fn spec.forProvider.samlSettings.withSignatureAlgorithm

withSignatureAlgorithm(signatureAlgorithm)

"sha1, rsa-sha256, rsa-sha512.\nSignature algorithm used for signing requests to the IdP. Supported values are rsa-sha1, rsa-sha256, rsa-sha512."

fn spec.forProvider.samlSettings.withSingleLogout

withSingleLogout(singleLogout)

"(Boolean) Whether SAML Single Logout is enabled.\nWhether SAML Single Logout is enabled."

obj spec.forProvider.samlSettings.certificateSecretRef

"encoded string for the SP X.509 certificate.\nBase64-encoded string for the SP X.509 certificate."

fn spec.forProvider.samlSettings.certificateSecretRef.withKey

withKey(key)

"The key to select."

fn spec.forProvider.samlSettings.certificateSecretRef.withName

withName(name)

"Name of the secret."

fn spec.forProvider.samlSettings.certificateSecretRef.withNamespace

withNamespace(namespace)

"Namespace of the secret."

obj spec.forProvider.samlSettings.privateKeySecretRef

"encoded string for the SP private key.\nBase64-encoded string for the SP private key."

fn spec.forProvider.samlSettings.privateKeySecretRef.withKey

withKey(key)

"The key to select."

fn spec.forProvider.samlSettings.privateKeySecretRef.withName

withName(name)

"Name of the secret."

fn spec.forProvider.samlSettings.privateKeySecretRef.withNamespace

withNamespace(namespace)

"Namespace of the secret."

obj spec.initProvider

"THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler."

fn spec.initProvider.withOauth2Settings

withOauth2Settings(oauth2Settings)

"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."

fn spec.initProvider.withOauth2SettingsMixin

withOauth2SettingsMixin(oauth2Settings)

"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."

Note: This function appends passed data to existing values

fn spec.initProvider.withProviderName

withProviderName(providerName)

"(String) The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth, saml.\nThe name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth, saml."

fn spec.initProvider.withSamlSettings

withSamlSettings(samlSettings)

"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."

fn spec.initProvider.withSamlSettingsMixin

withSamlSettingsMixin(samlSettings)

"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."

Note: This function appends passed data to existing values

obj spec.initProvider.oauth2Settings

"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."

fn spec.initProvider.oauth2Settings.withAllowAssignGrafanaAdmin

withAllowAssignGrafanaAdmin(allowAssignGrafanaAdmin)

"(Boolean) If enabled, it will automatically sync the Grafana server administrator role.\nIf enabled, it will automatically sync the Grafana server administrator role."

fn spec.initProvider.oauth2Settings.withAllowSignUp

withAllowSignUp(allowSignUp)

"(Boolean) If not enabled, only existing Grafana users can log in using OAuth.\nIf not enabled, only existing Grafana users can log in using OAuth."

fn spec.initProvider.oauth2Settings.withAllowedDomains

withAllowedDomains(allowedDomains)

"or space-separated domains. The user should belong to at least one domain to log in.\nList of comma- or space-separated domains. The user should belong to at least one domain to log in."

fn spec.initProvider.oauth2Settings.withAllowedGroups

withAllowedGroups(allowedGroups)

"or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.\nList of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path."

fn spec.initProvider.oauth2Settings.withAllowedOrganizations

withAllowedOrganizations(allowedOrganizations)

"or space-separated organizations. The user should be a member of at least one organization to log in.\nList of comma- or space-separated organizations. The user should be a member of at least one organization to log in."

fn spec.initProvider.oauth2Settings.withApiUrl

withApiUrl(apiUrl)

"(String) The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."

fn spec.initProvider.oauth2Settings.withAuthStyle

withAuthStyle(authStyle)

"(String) It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.\nIt determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect."

fn spec.initProvider.oauth2Settings.withAuthUrl

withAuthUrl(authUrl)

"(String) The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."

fn spec.initProvider.oauth2Settings.withAutoLogin

withAutoLogin(autoLogin)

"(Boolean) Log in automatically, skipping the login screen.\nLog in automatically, skipping the login screen."

fn spec.initProvider.oauth2Settings.withClientId

withClientId(clientId)

"(String) The client Id of your OAuth2 app.\nThe client Id of your OAuth2 app."

fn spec.initProvider.oauth2Settings.withCustom

withCustom(custom)

"(Map of String) Custom fields to configure for OAuth2 such as the force_use_graph_api field.\nCustom fields to configure for OAuth2 such as the force_use_graph_api field."

fn spec.initProvider.oauth2Settings.withCustomMixin

withCustomMixin(custom)

"(Map of String) Custom fields to configure for OAuth2 such as the force_use_graph_api field.\nCustom fields to configure for OAuth2 such as the force_use_graph_api field."

Note: This function appends passed data to existing values

fn spec.initProvider.oauth2Settings.withDefineAllowedGroups

withDefineAllowedGroups(defineAllowedGroups)

"(Boolean) Define allowed groups.\nDefine allowed groups."

fn spec.initProvider.oauth2Settings.withDefineAllowedTeamsIds

withDefineAllowedTeamsIds(defineAllowedTeamsIds)

"(Boolean) Define allowed teams ids.\nDefine allowed teams ids."

fn spec.initProvider.oauth2Settings.withEmailAttributeName

withEmailAttributeName(emailAttributeName)

"(String) Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.\nName of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth."

fn spec.initProvider.oauth2Settings.withEmailAttributePath

withEmailAttributePath(emailAttributePath)

"(String) JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.\nJMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth."

fn spec.initProvider.oauth2Settings.withEmptyScopes

withEmptyScopes(emptyScopes)

"(Boolean) If enabled, no scopes will be sent to the OAuth2 provider.\nIf enabled, no scopes will be sent to the OAuth2 provider."

fn spec.initProvider.oauth2Settings.withEnabled

withEnabled(enabled)

"(Boolean) Define whether this configuration is enabled for the specified provider. Defaults to true.\nDefine whether this configuration is enabled for the specified provider. Defaults to true."

fn spec.initProvider.oauth2Settings.withGroupsAttributePath

withGroupsAttributePath(groupsAttributePath)

"(String) JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.\nJMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path."

fn spec.initProvider.oauth2Settings.withIdTokenAttributeName

withIdTokenAttributeName(idTokenAttributeName)

"(String) The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.\nThe name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth."

fn spec.initProvider.oauth2Settings.withLoginAttributePath

withLoginAttributePath(loginAttributePath)

"(String) JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.\nJMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth."

fn spec.initProvider.oauth2Settings.withName

withName(name)

"(String) Helpful if you use more than one identity providers or SSO protocols.\nHelpful if you use more than one identity providers or SSO protocols."

fn spec.initProvider.oauth2Settings.withNameAttributePath

withNameAttributePath(nameAttributePath)

"(String) JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.\nJMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth."

fn spec.initProvider.oauth2Settings.withRoleAttributePath

withRoleAttributePath(roleAttributePath)

"(String) JMESPath expression to use for Grafana role lookup.\nJMESPath expression to use for Grafana role lookup."

fn spec.initProvider.oauth2Settings.withRoleAttributeStrict

withRoleAttributeStrict(roleAttributeStrict)

"(Boolean) If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.\nIf enabled, denies user login if the Grafana role cannot be extracted using Role attribute path."

fn spec.initProvider.oauth2Settings.withScopes

withScopes(scopes)

"or space-separated OAuth2 scopes.\nList of comma- or space-separated OAuth2 scopes."

fn spec.initProvider.oauth2Settings.withSignoutRedirectUrl

withSignoutRedirectUrl(signoutRedirectUrl)

"(String) The URL to redirect the user to after signing out from Grafana.\nThe URL to redirect the user to after signing out from Grafana."

fn spec.initProvider.oauth2Settings.withSkipOrgRoleSync

withSkipOrgRoleSync(skipOrgRoleSync)

"(Boolean) Prevent synchronizing users’ organization roles from your IdP.\nPrevent synchronizing users’ organization roles from your IdP."

fn spec.initProvider.oauth2Settings.withTeamIds

withTeamIds(teamIds)

"(String) String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.\nString list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path."

fn spec.initProvider.oauth2Settings.withTeamIdsAttributePath

withTeamIdsAttributePath(teamIdsAttributePath)

"(String) The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.\nThe JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth."

fn spec.initProvider.oauth2Settings.withTeamsUrl

withTeamsUrl(teamsUrl)

"(String) The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.\nThe URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth."

fn spec.initProvider.oauth2Settings.withTlsClientCa

withTlsClientCa(tlsClientCa)

"(String) The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.\nThe path to the trusted certificate authority list. Is not applicable on Grafana Cloud."

fn spec.initProvider.oauth2Settings.withTlsClientCert

withTlsClientCert(tlsClientCert)

"(String) The path to the certificate. Is not applicable on Grafana Cloud.\nThe path to the certificate. Is not applicable on Grafana Cloud."

fn spec.initProvider.oauth2Settings.withTlsClientKey

withTlsClientKey(tlsClientKey)

"(String) The path to the key. Is not applicable on Grafana Cloud.\nThe path to the key. Is not applicable on Grafana Cloud."

fn spec.initProvider.oauth2Settings.withTlsSkipVerifyInsecure

withTlsSkipVerifyInsecure(tlsSkipVerifyInsecure)

"in-the-middle attacks.\nIf enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks."

fn spec.initProvider.oauth2Settings.withTokenUrl

withTokenUrl(tokenUrl)

"(String) The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."

fn spec.initProvider.oauth2Settings.withUsePkce

withUsePkce(usePkce)

"(Boolean) If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.\nIf enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant."

fn spec.initProvider.oauth2Settings.withUseRefreshToken

withUseRefreshToken(useRefreshToken)

"(Boolean) If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.\nIf enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider."

obj spec.initProvider.samlSettings

"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."

fn spec.initProvider.samlSettings.withAllowIdpInitiated

withAllowIdpInitiated(allowIdpInitiated)

"initiated login is allowed.\nWhether SAML IdP-initiated login is allowed."

fn spec.initProvider.samlSettings.withAllowSignUp

withAllowSignUp(allowSignUp)

"(Boolean) If not enabled, only existing Grafana users can log in using OAuth.\nWhether to allow new Grafana user creation through SAML login. If set to false, then only existing Grafana users can log in with SAML."

fn spec.initProvider.samlSettings.withAllowedOrganizations

withAllowedOrganizations(allowedOrganizations)

"or space-separated organizations. The user should be a member of at least one organization to log in.\nList of comma- or space-separated organizations. User should be a member of at least one organization to log in."

fn spec.initProvider.samlSettings.withAssertionAttributeEmail

withAssertionAttributeEmail(assertionAttributeEmail)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user email.\nFriendly name or name of the attribute within the SAML assertion to use as the user email."

fn spec.initProvider.samlSettings.withAssertionAttributeGroups

withAssertionAttributeGroups(assertionAttributeGroups)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user groups.\nFriendly name or name of the attribute within the SAML assertion to use as the user groups."

fn spec.initProvider.samlSettings.withAssertionAttributeLogin

withAssertionAttributeLogin(assertionAttributeLogin)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user login handle.\nFriendly name or name of the attribute within the SAML assertion to use as the user login handle."

fn spec.initProvider.samlSettings.withAssertionAttributeName

withAssertionAttributeName(assertionAttributeName)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user name. Alternatively, this can be a template with variables that match the names of attributes within the SAML assertion.\nFriendly name or name of the attribute within the SAML assertion to use as the user name. Alternatively, this can be a template with variables that match the names of attributes within the SAML assertion."

fn spec.initProvider.samlSettings.withAssertionAttributeOrg

withAssertionAttributeOrg(assertionAttributeOrg)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user organization.\nFriendly name or name of the attribute within the SAML assertion to use as the user organization."

fn spec.initProvider.samlSettings.withAssertionAttributeRole

withAssertionAttributeRole(assertionAttributeRole)

"(String) Friendly name or name of the attribute within the SAML assertion to use as the user roles.\nFriendly name or name of the attribute within the SAML assertion to use as the user roles."

fn spec.initProvider.samlSettings.withAutoLogin

withAutoLogin(autoLogin)

"(Boolean) Log in automatically, skipping the login screen.\nWhether SAML auto login is enabled."

fn spec.initProvider.samlSettings.withCertificatePath

withCertificatePath(certificatePath)

"(String) Path for the SP X.509 certificate.\nPath for the SP X.509 certificate."

fn spec.initProvider.samlSettings.withEnabled

withEnabled(enabled)

"(Boolean) Define whether this configuration is enabled for the specified provider. Defaults to true.\nDefine whether this configuration is enabled for SAML. Defaults to true."

fn spec.initProvider.samlSettings.withIdpMetadata

withIdpMetadata(idpMetadata)

"encoded string for the IdP SAML metadata XML.\nBase64-encoded string for the IdP SAML metadata XML."

fn spec.initProvider.samlSettings.withIdpMetadataPath

withIdpMetadataPath(idpMetadataPath)

"(String) Path for the IdP SAML metadata XML.\nPath for the IdP SAML metadata XML."

fn spec.initProvider.samlSettings.withIdpMetadataUrl

withIdpMetadataUrl(idpMetadataUrl)

"(String) URL for the IdP SAML metadata XML.\nURL for the IdP SAML metadata XML."

fn spec.initProvider.samlSettings.withMaxIssueDelay

withMaxIssueDelay(maxIssueDelay)

"(String) Duration, since the IdP issued a response and the SP is allowed to process it. For example: 90s, 1h.\nDuration, since the IdP issued a response and the SP is allowed to process it. For example: 90s, 1h."

fn spec.initProvider.samlSettings.withMetadataValidDuration

withMetadataValidDuration(metadataValidDuration)

"(String) Duration, for how long the SP metadata is valid. For example: 48h, 5d.\nDuration, for how long the SP metadata is valid. For example: 48h, 5d."

fn spec.initProvider.samlSettings.withName

withName(name)

"(String) Helpful if you use more than one identity providers or SSO protocols.\nName used to refer to the SAML authentication."

fn spec.initProvider.samlSettings.withNameIdFormat

withNameIdFormat(nameIdFormat)

"format:transient\nThe Name ID Format to request within the SAML assertion. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

fn spec.initProvider.samlSettings.withOrgMapping

withOrgMapping(orgMapping)

"or space-separated Organization:OrgId:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: Viewer, Editor or Admin.\nList of comma- or space-separated Organization:OrgId:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: Viewer, Editor or Admin."

fn spec.initProvider.samlSettings.withPrivateKeyPath

withPrivateKeyPath(privateKeyPath)

"(String) Path for the SP private key.\nPath for the SP private key."

fn spec.initProvider.samlSettings.withRelayState

withRelayState(relayState)

"initiated login. Should match relay state configured in IdP.\nRelay state for IdP-initiated login. Should match relay state configured in IdP."

fn spec.initProvider.samlSettings.withRoleValuesAdmin

withRoleValuesAdmin(roleValuesAdmin)

"or space-separated roles which will be mapped into the Admin role.\nList of comma- or space-separated roles which will be mapped into the Admin role."

fn spec.initProvider.samlSettings.withRoleValuesEditor

withRoleValuesEditor(roleValuesEditor)

"or space-separated roles which will be mapped into the Editor role.\nList of comma- or space-separated roles which will be mapped into the Editor role."

fn spec.initProvider.samlSettings.withRoleValuesGrafanaAdmin

withRoleValuesGrafanaAdmin(roleValuesGrafanaAdmin)

"or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role.\nList of comma- or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role."

fn spec.initProvider.samlSettings.withRoleValuesNone

withRoleValuesNone(roleValuesNone)

"or space-separated roles which will be mapped into the None role.\nList of comma- or space-separated roles which will be mapped into the None role."

fn spec.initProvider.samlSettings.withSignatureAlgorithm

withSignatureAlgorithm(signatureAlgorithm)

"sha1, rsa-sha256, rsa-sha512.\nSignature algorithm used for signing requests to the IdP. Supported values are rsa-sha1, rsa-sha256, rsa-sha512."

fn spec.initProvider.samlSettings.withSingleLogout

withSingleLogout(singleLogout)

"(Boolean) Whether SAML Single Logout is enabled.\nWhether SAML Single Logout is enabled."

obj spec.providerConfigRef

"ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured."

fn spec.providerConfigRef.withName

withName(name)

"Name of the referenced object."

obj spec.providerConfigRef.policy

"Policies for referencing."

fn spec.providerConfigRef.policy.withResolution

withResolution(resolution)

"Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved."

fn spec.providerConfigRef.policy.withResolve

withResolve(resolve)

"Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile."

obj spec.publishConnectionDetailsTo

"PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource."

fn spec.publishConnectionDetailsTo.withName

withName(name)

"Name is the name of the connection secret."

obj spec.publishConnectionDetailsTo.configRef

"SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret."

fn spec.publishConnectionDetailsTo.configRef.withName

withName(name)

"Name of the referenced object."

obj spec.publishConnectionDetailsTo.configRef.policy

"Policies for referencing."

fn spec.publishConnectionDetailsTo.configRef.policy.withResolution

withResolution(resolution)

"Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved."

fn spec.publishConnectionDetailsTo.configRef.policy.withResolve

withResolve(resolve)

"Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile."

obj spec.publishConnectionDetailsTo.metadata

"Metadata is the metadata for connection secret."

fn spec.publishConnectionDetailsTo.metadata.withAnnotations

withAnnotations(annotations)

"Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as \"metadata.annotations\".\n- It is up to Secret Store implementation for others store types."

fn spec.publishConnectionDetailsTo.metadata.withAnnotationsMixin

withAnnotationsMixin(annotations)

"Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as \"metadata.annotations\".\n- It is up to Secret Store implementation for others store types."

Note: This function appends passed data to existing values

fn spec.publishConnectionDetailsTo.metadata.withLabels

withLabels(labels)

"Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as \"metadata.labels\".\n- It is up to Secret Store implementation for others store types."

fn spec.publishConnectionDetailsTo.metadata.withLabelsMixin

withLabelsMixin(labels)

"Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as \"metadata.labels\".\n- It is up to Secret Store implementation for others store types."

Note: This function appends passed data to existing values

fn spec.publishConnectionDetailsTo.metadata.withType

withType(type)

"Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores."

obj spec.writeConnectionSecretToRef

"WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other."

fn spec.writeConnectionSecretToRef.withName

withName(name)

"Name of the secret."

fn spec.writeConnectionSecretToRef.withNamespace

withNamespace(namespace)

"Namespace of the secret."